Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Community Member

HTTPS and transparent mode

Hello support,

should I enable HTTPS proxy if I am going to use transparent mode for WSA deplyoment ?

4 REPLIES
Cisco Employee

HTTPS and transparent mode

If you are planning to do decryption then you MUST enable the HTTPS proxy. If you do not plan to do decryption then you don't have to enable it but do not redirect port 443 to the WSA if the HTTPS proxy is not enabled.

Community Member

HTTPS and transparent mode

Hello Tommy,

Thank you for your response ,would you please describe the side effects of redirecting port 443 to WSA if https is not enabled ? we are planning to set the WSA in transparent mode as I have read in the user guide that the transparent can accept both explicitly forwarded and transparent requests. My concern is that i have some users working on Citrix server with cookie-based surrogate and some other fat clients. The guide stated that there are problems in using cookie-based and transparent,appreciate your help as I am not much that familiar with WSA

How can I configure my policies so it works for both fat clients and Citrix server users??

Regards,

Cisco Employee

HTTPS and transparent mode

As with any TCP device it has to listen on a port for connections to accept the socket. If you do not enable HTTPS proxy then we do not listen on port 443 for connections so any connection redirected to the proxy on port 443 will simply fail when using transparent mode. In explicit mode the browser is told to send HTTPS traffic to the proxy on the proxy port 80, 3128, 8080 etc. so the proxy is listening on that specific port for any traffic. The same would happen to HTTP traffic if you redirect traffic to the proxy on port 9999 but didn't configure the proxy to accept traffic on port 9999.

Depending on the version of WSA code you are running you can set the surrogate type in the Access Policy. Not being familair with your network I would say if you have Citrix servers then create an identity for the servers based on IP address and authentication and set the surrogate to session based cookies.

Community Member

HTTPS and transparent mode

Thank you so much for your explanation Tommy and making me aware of this. much thanks for support

493
Views
0
Helpful
4
Replies
CreatePlease to create content